NetApp AltaVault AVA400 - Verifying that NTP Operates in FIPS Mode; Verifying that Secure Vault Operates in FIPS Mode; Verifying that SNMP Operates in FIPS Mode; Verifying that the Web Interface Operates in FIPS Mode

To Next Page

To Previous Page

112 NetApp AltaVault Cloud Integrated Storage Administration Guide

Beta Draft

Configuring AltaVault appliances for FIPS-compliant cryptographyFIPS CLI

Verifying that NTP operates in FIPS mode

To verify that NTP is running in FIPS mode, examine the system log when NTPD starts (this occurs whenever the NTP

configuration is modified) and ensure that the NTPD entry sets FIPS mode:

Mar 18 15:49:57 amnesiac pm[4989]: [pm.NOTICE]: Launched ntpd with pid 27617

Mar 18 15:49:57 amnesiac ntpd[27617]: ntpd 4

.2.6p4@1.2324-o Thu May 17 21:31:11 UTC 2012 (1)

…

Mar 18 15:49:57 amnesiac ntpd[27617]: FIPS_mode_set(1)

Verifying that secure vault operates in FIPS mode

The secure vault contains sensitive information from your AltaVault appliance configuration, including SSL private

keys and the data store encryption key. These configuration settings are encrypted on the disk using AES 256-bit

encryption.

The secure vault always runs in FIPS mode. To verify, look for the following in the system log at startup:

Mar 11 18:28:06 amnesiac encfs: FIPS_mode_set(1)

Verifying that SNMP operates in FIPS mode

To verify that SNMP is running in FIPS mode, look for entries similar to the following in the system log when SNMP

starts (this occurs whenever the SNMP configuration changes) and ensure that FIPS mode is set:

Mar 18 16:05:10 amnesiac pm[4989]: [pm.NOTICE]: Launched snmpd with pid 31709

Mar 18 16:05:10 amnesiac snmpd[31709]: FIPS_mode_set(1)

…

Mar 18 16:05:10 amnesiac snmpd[31709]: NET-SNMP version 5.3.1

Verifying that the web interface operates in FIPS mode

The Apache web server for the AltaVault appliance always runs in FIPS mode.

To verify that the web server is in FIPS mode, look for entries similar to the following in the system log:

Mar 18 16:22:11 amnesiac httpd: FIPS_mode_set(1)

Mar 18 16:22:11 amnesiac httpd: [Mon Mar 18 16:22:11 2013] [notice] Operating in SSL FIPS mode

Mar 18 16:22:11 amnesiac httpd: [Mon Mar 18 16:22:11 2013] [notice] Init: Skipping generating

temporary 512 bit RSA private key in FIPS mode

Mar 18 16:22:11 amnesiac httpd: [Mon Mar 18 16:22:11 2013] [notice] Init: Skipping generating

temporary 512 bit DH parameters in FIPS mode

Mar 18 16:22:11 amnesiac httpd: [Mon Mar 18 16:22:11 2013] [notice] Init: Skipping generating

temporary 512 bit RSA private key in FIPS mode

Mar 18 16:22:11 amnesiac httpd: [Mon Mar 18 16:22:11 2013] [notice] Init: Skipping generating

temporary 512 bit DH parameters in FIPS mode

Mar 18 16:22:11 amnesiac httpd: [Mon Mar 18 16:22:11 2013] [notice] Apache/2.2.23 (Unix) mod_ssl/

2.2.23 OpenSSL/1.0.1c-fips configured -- resuming normal operations

FIPS CLI

For information about FIPS CLI commands, see the NetApp AltaVault Cloud Integrated Storage Command-Line

Reference Guide.

Related product manuals